Search the Community

I don't know how many times I've written about Pixel gun 3d. I've tried many different methods, and I've found out one thing: the aimbot using the aim assist function was not very effective. Because aim assist intentionally degraded its performance, no matter how high the value was modified, the performance was not good enough to be called aimbot. So I decided to focus on modifying the hitbox value. The following are the methods I tried to modify the hitbox value. 1. Find out the offset value of hitbox through dnspy and then modify the value through gg offset calculator The problem with this method is that I didn't know if the offset I found was really related to the hitbox. There were a lot of offsets that looks like related to hitboxes or head, and I tried to modify some of the values that seemed to be likely (or could be modified), but nothing happened. 2. hex editing Find the offset address found in dnspy, open the libli2cpp.so file with HxD, move it to that address, and change the value. Similarly, I didn't get meaningful results. 3. Analyze the obb file through Unity Unpacker, and then modify the xyz value of the head This method worked half as well. The aim assist responded more sensitively to the head, but when I actually fired, I couldn't hit anything. 4. Unchanged unknown value search This is, in a way, primitive, but one of the most obvious. It is to search for values that are likely to be related to hitbox (mainly 1) in Float, and then collectively modify hundreds of thousands of values by combining them by 5,000 to 6,000. But this method also didn't pay off, and some of the values immediately banned me as soon as I fixed them. 5. Field offset explorer This is a lua script that allows you to find and modify field offset values in gg. It's a very useful tool, and it actually succeeded in modifying the aim assist value to some extent, but it wasn't a meaningful achievement as I said above, and it also failed to change the hitbox value. Other than this, I did some meaningless things. If there's anything I missed, or anyone who can help me, please reply. Thank you.

View File Patcher Patcher Patcher is a game guardian library for patching memory address, it provides a simple interface and handle on/off state of patching. Installation Download the latest version of patcher from here and add it to your project. You can also load the latest version of Patcher from the cdn using the following code. local _, Patcher = pcall(load(gg.makeRequest("https://pastebin.com/raw/wz1sfmWF").content)) Usage Make sure to place the Patcher.lua file in the same directory as your script. local Patcher = require("Patcher") local il2cpp = Patcher.getBaseAddr("libil2cpp.so") local libunity = Patcher.getBaseAddr("libunity.so") local p = Patcher.new({ title = "Custom Title", }) p:add({ name = "Damage Multiplier", address = il2cpp + 0x18643A8, patch = "01 04 A0 E3 1E FF 2F E1r", }) p:add({ name = "HP Multiplier", address = libunity + 0x1864F88, patch = "01 04 A0 E3 1E FF 2F E1r" }) p:run() For more information about how to use the library, please check the repo Submitter MAARS Submitted 02/18/2023 Category Tools  

I wrote a script after looking at Work around with libil2cpp and GG using offset (#by5yarnv) (thanks to @TekMonts for awesome article) but it didn't work out as I thought, so I'm asking you a question. I find the offset value that I want to change through dnspy And I got the address and Hex code of the offset through HxD. local memFrom, memTo, lib, num, lim, results, src, ok = 0, -1, nil, 0, 32, {}, nil, false function name(n) if lib ~= n then lib = n local ranges = gg.getRangesList(lib) if #ranges == 0 then print("⚠ERROR: " .. lib .. " are not found!⚠") gg.toast("⚠ERROR: " .. lib .. " are not found!⚠") os.exit() else memFrom = ranges[1].start memTo = ranges[#ranges]["end"] end end end function hex2tbl(hex) local ret = {} hex:gsub( "%S%S", function(ch) ret[#ret + 1] = ch return "" end ) return ret end function original(orig) local tbl = hex2tbl(orig) local len = #tbl if len == 0 then return end local used = len if len > lim then used = lim end local s = "" for i = 1, used do if i ~= 1 then s = s .. ";" end local v = tbl[i] if v == "??" or v == "**" then v = "0~~0" end s = s .. v .. "r" end s = s .. "::" .. used gg.searchNumber(s, gg.TYPE_BYTE, false, gg.SIGN_EQUAL, memFrom, memTo) if len > used then for i = used + 1, len do local v = tbl[i] if v == "??" or v == "**" then v = 256 else v = ("0x" .. v) + 0 if v > 127 then v = v - 256 end end tbl[i] = v end end local found = gg.getResultCount() results = {} local count = 0 local checked = 0 while true do if checked >= found then break end local all = gg.getResults(8) local total = #all local start = checked if checked + used > total then break end for i, v in ipairs(all) do v.address = v.address + myoffset end gg.loadResults(all) while start < total do local good = true local offset = all[1 + start].address - 1 if used < len then local get = {} for i = lim + 1, len do get[i - lim] = {address = offset + i, flags = gg.TYPE_BYTE, value = 0} end get = gg.getValues(get) for i = lim + 1, len do local ch = tbl[i] if ch ~= 256 and get[i - lim].value ~= ch then good = false break end end end if good then count = count + 1 results[count] = offset checked = checked + used else local del = {} for i = 1, used do del[i] = all[i + start] end gg.removeResults(del) end start = start + used end end end function replaced(repl) num = num + 1 local tbl = hex2tbl(repl) if src ~= nil then local source = hex2tbl(src) for i, v in ipairs(tbl) do if v ~= "??" and v ~= "**" and v == source[i] then tbl[i] = "**" end end src = nil end local cnt = #tbl local set = {} local s = 0 for _, addr in ipairs(results) do for i, v in ipairs(tbl) do if v ~= "??" and v ~= "**" then s = s + 1 set[s] = {["address"] = addr + i, ["value"] = v .. "r", ["flags"] = gg.TYPE_BYTE} end end end if s ~= 0 then gg.setValues(set) end ok = true end function HOME() A = gg.multiChoice( { "AutoaimDistance", "Exit" }, nil, "qwer098 Prototype" ) if A == nil then else if A[1] == true then AutoaimDistance() end if A[1] == true then os.exit() end end end function AutoaimDistance() gg.setRanges ( gg .REGION_CODE_APP | gg .REGION_C_DATA) name('libil2cpp.so') myoffset = 0x3175834 original('F4 4F BE A9 FD 7B 01 A9') replaced('7A 04 44 E3 1E FF 2F E1') gg.toast("Done!") end HOME() ...and I wrote the script, referencing the article above, and I ran it in the game. And here's the result. I don't think I found the wrong offset. Of course, I'll have to try something more diverse, but I don't think that offset was useless. And, there are too many unexpectedly searched values like 300k. (I don't know if this is wrong, do other scripts work this way too?) plus, the offset value is float, but in gg it's written as byte. If you have any tips on Hex Patch, please let me know. It's not easy..

A new major update of the game 'Night of the Full Moon' is coming out soon, which kinda caught my attention. I was able to mod an older version of the game (1.5.1.37), but that approach doesn't work for the newest version anymore (1.5.1.50). Here's my analysis: -The developers use their own anti-tamper solution called 'HProtect'. It (was?) responsible for decrypting the metadata, and it also force closed the game if any changes were detected. -They updated HProtect, and I wasn't able to figure out what it does now. -The metadata in the old version of the game was obviously obfuscated, but the one in the new version is not, since the 4 magic bytes are valid (I uploaded some screenshots). -The il2cpp.so binary seems to be valid and not encrypted at all. Things that I tried so far: -Using the zygisk il2cppdumper didn't work (dump.cs hasn't been created), but it did work with the old version of the game though. -Dumping via GameGuardian worked, but the output was identical to the file you get from the apk. -il2cppdumper gives me the "System.IO.EndOfStreamException: Unable to read beyond the end of the stream" error when trying to dump. -il2cppInspector says "could not verify the integrity of the metadata file or accurately identify the metadata sub-version" when selecting the metadata file. -Libdumper didn't work (also produced the identical output). I'm kinda lost at this point, it would be great if someone could help me out with this. Also, please let me know if I forgot to include something. Thanks in advance Metadata from the newest version.rar Metadata from the older version.rar Newest version of HProtect.rar Older version of HProtect.rar